CVE-2011-0364

Cisco Security Agent - Code Injection

Title source: rule
STIX 2.1

Description

The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Gerry Eisenhaur · pythonremotewindows
https://www.exploit-db.com/exploits/17155

References (12)

Core 12
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-088
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8197
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025088
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516505/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8205
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43383
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8095
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46420
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0424
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43393
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65436

Scores

EPSS 0.1312
EPSS Percentile 94.1%

Details

CWE
CWE-94
Status published
Products (3)
cisco/security_agent 5.1
cisco/security_agent 5.2
cisco/security_agent 6.0
Published Feb 19, 2011
Tracked Since Feb 18, 2026